PT-2008-6908 · Opensuse+2 · Opensuse+4

Eugene Teo · Published 1970-01-01 · Updated 2023-02-13 · CVE-2008-3526

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

linux-headers-2.6.24-etchnhalf.1-all-mips versions 2.6.24-etchnhalf.1
linux-headers-2.6.24-etchnhalf.1-r4k-ip22 versions 2.6.24-etchnhalf.1
linux-headers-2.6.24-etchnhalf.1-r5k-ip32 versions 2.6.24-etchnhalf.1
linux-image-2.6.24-etchnhalf.1-r4k-ip22 versions 2.6.24-etchnhalf.1
linux-image-2.6.24-etchnhalf.1-r5k-ip32 versions 2.6.24-etchnhalf.1
kernel-rt versions prior to the fixed version
kernel-rt debug versions prior to the fixed version
Linux kernel versions 2.6.24-rc1 through 2.6.26.3

Description

The issue affects the Linux kernel and various Debian GNU/Linux and openSUSE packages, allowing remote attackers to exploit multiple vulnerabilities. These vulnerabilities can lead to a disruption of the confidentiality, integrity, and availability of protected information, and they can be exploited remotely. Specifically, an integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.

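Added example, not code from the Linux kernel or from this advisory: a simplified user-space C model of the two length checks that a handler for an option with a caller-supplied sca_keylength needs, one against the bytes actually passed and one against wrap-around when sizing the allocation. The struct layout and the names key_bytes, key_create, set_auth_key and try_option are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout: fixed header followed by the key bytes. */
struct authkey_opt {
    uint32_t sca_assoc_id;
    uint16_t sca_keynumber;
    uint16_t sca_keylength;   /* caller-controlled length of sca_key[] */
    uint8_t  sca_key[];
};

struct key_bytes { size_t len; uint8_t data[]; };  /* hypothetical stored key */

/* Allocate header + key_len bytes; refuse sizes whose sum would wrap. */
struct key_bytes *key_create(size_t key_len)
{
    if (key_len > SIZE_MAX - sizeof(struct key_bytes))
        return NULL;
    struct key_bytes *k = malloc(sizeof(*k) + key_len);
    if (k)
        k->len = key_len;
    return k;
}

/* Returns 0 and stores a copy of the key in *out, or -1 if malformed. */
int set_auth_key(const void *optval, size_t optlen, struct key_bytes **out)
{
    const struct authkey_opt *opt = optval;
    if (optlen < sizeof(*opt))                       /* header incomplete */
        return -1;
    if (opt->sca_keylength > optlen - sizeof(*opt))  /* claims more than sent */
        return -1;
    struct key_bytes *k = key_create(opt->sca_keylength);
    if (!k)
        return -1;
    memcpy(k->data, opt->sca_key, opt->sca_keylength);
    *out = k;
    return 0;
}

/* Constructed input: declares `declared` key bytes but carries `present`. */
int try_option(uint16_t declared, size_t present)
{
    size_t optlen = sizeof(struct authkey_opt) + present;
    struct authkey_opt *opt = calloc(1, optlen);
    struct key_bytes *k = NULL;
    if (!opt)
        return -2;
    opt->sca_keylength = declared;
    int rc = set_auth_key(opt, optlen, &k);
    free(k);
    free(opt);
    return rc;
}
```

Without the comparison against optlen, the memcpy would read past the caller's buffer whenever the declared length exceeds what was supplied.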
Recommendations

For the following packages at version 2.6.24-etchnhalf.1, update to a newer version that contains a fix for this issue:

linux-headers-2.6.24-etchnhalf.1-all-mips
linux-headers-2.6.24-etchnhalf.1-r4k-ip22
linux-headers-2.6.24-etchnhalf.1-r5k-ip32
linux-image-2.6.24-etchnhalf.1-r4k-ip22
linux-image-2.6.24-etchnhalf.1-r5k-ip32

For kernel-rt and kernel-rt debug, update to a version that is not vulnerable.

For Linux kernel versions 2.6.24-rc1 through 2.6.26.3, update to a version outside of this range.

As a temporary workaround, consider restricting access to the sctp_setsockopt_auth_key function until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-02636
BDU:2015-02637
BDU:2015-02638
BDU:2015-02639
BDU:2015-02640
BDU:2015-05034
BDU:2015-05035
CVE-2008-3526
DSA-1636-1
RHSA-2008:0857

Affected Products

Debian
Linux Kernel
Kernel-Rt
Kernel-Rt Debug
Opensuse